Privacy Policy
1. Introduction / Scope
This document is prepared in accordance with the provisions of the Ghana Data Protection Act, 2012 (Act 843) and, by extension, the EU General Data Protection Regulation (GDPR). It outlines how Micro Finance Company Limited applies and complies with data privacy principles in processing personal data of customers, staff, vendors, visitors, and other third parties interacting with the company.
This policy explains the types of personal data we collect, why we collect it, how we use it, how long we keep it, and the rights of individuals (data subjects) under applicable data protection laws.
2. Roles / Responsibilities
Micro Finance Company Limited is the Data Controller, and its executive management is responsible for ensuring this policy is implemented effectively.
The Data Protection Supervisor (DPS) oversees data privacy practices and ensures compliance. The DPS ensures all data subjects are notified prior to the collection and processing of their personal data, including data collected via Micro Finance Company Limited’s website. All staff must adhere to this policy when handling personal data.
3. Policy Statement
Micro Finance Company Limited is committed to safeguarding the privacy and confidentiality of personal data. In accordance with the Ghana Data Protection Act (DPA), we inform data subjects about how their information is used.
3.1 About Micro Finance Company Limited
Micro Finance Company Limited was incorporated in April 2005 under the Companies Code, 1963 (Act 179) as a private limited liability company and licensed by the Bank of Ghana in September 2005 under the Banking Act, 2004 (Act 673), as amended by the Banking (Amendment) Act, 2007 (Act 738), to provide financial services under a Universal Banking Licence.
With a focus on delivering innovative financial solutions, Micro Finance Company Limited operates across Ghana through various branches, ATMs, and digital platforms offering internet and mobile banking.
Due to the nature of our services, we collect and process personal data of Ghanaians, residents, and individuals worldwide as part of our operations.
3.2 What Personal Data Do We Collect?
1. Depending on the interaction, we may collect the following categories of personal data:
Identity Data – Name, title, date of birth, gender, marital status, nationality, etc.
2. Contact Data – Email, phone numbers, residential and postal addresses.
3. Financial Data – Account details, credit/debit card info, financial history.
4. Transaction Data – Transaction history, service usage details.
5. Technical Data – IP address, device IDs, browser info, location data, etc.
6. Profile Data – Login credentials, user preferences.
7. Usage Data – Website activity, product/service interaction.
8. Job Application Data – Personal information provided during recruitment.
9. Marketing Data – Communication preferences, consent records.
When we collect sensitive personal data, we will only do so based on legal grounds such as explicit consent, legal obligations, or in relation to legal claims.
4. Why We Collect Personal Data
We collect personal data only when it is necessary for our operations and service delivery. Data is collected and processed based on specific, lawful purposes and never beyond what is reasonably required.
5. Legal Grounds for Processing
We process personal data based on one or more of the following lawful grounds:
1. Consent from the data subject
2. Performance of a contract
3. Compliance with legal obligations
4. Protection of vital interests
5. Performance of a task carried out in the public interest or in the exercise of official authority
6. Legitimate interest or legal grounds under national law
Examples:
| Purpose of Processing | Lawful Basis |
|---|---|
| Account creation | Contract |
| Vendor onboarding | Contract |
| Employment processing | Contract |
6. Processing Personal Data Based on Consent
Where required, Micro Finance Company Limited will request explicit consent from data subjects. By agreeing to this privacy policy or continuing to use our website, users consent to the processing of their personal data for the purposes stated.
For children under the age of 18 (per the DPA) or 16 (under GDPR), parental or guardian consent is required. We will make reasonable efforts to verify age and the validity of such consen
6.1 Withdrawal of Consent
Data subjects can withdraw consent at any time by submitting a written request. Once consent is withdrawn, related processing will stop immediately.
In the case of a child, the parent or guardian must provide the withdrawal in writing, and we will verify the request before proceeding.
7. Use of Cookies
Our website uses cookies—including those from trusted third parties like Google Analytics—to enhance your browsing experience. Cookies help us:
1. Recognize returning users
2. Track site usage
3. Improve site functionality
4. Support live chat interactions
5. Analyze traffic trends
You may disable cookies via your browser settings, though this may affect site performance.
8. Disclosure to Third Parties
We do not share personal data with third parties without consent unless legally required (e.g., for law enforcement or national security purposes). When needed for operations (e.g., fraud prevention, legal compliance), disclosures are made under appropriate legal bases.
Cross-Border Transfers:
If personal data must be transferred outside Ghana, Micro Finance Company Limited ensures the recipient meets global data protection standards and enters into data protection agreements.
9. Data Retention
We retain personal data only as long as necessary for business, legal, or regulatory purposes. Typically, this is 10 years after the end of a customer relationship, unless otherwise required by law. After that, data is deleted or anonymized.
10. Data Subject Rights
You have the right to:
1. Access your personal data
2. Correct inaccuracies
3. Restrict processing
4. Request data transfer
5. Object to specific types of processing (e.g., marketing)
6. Be free from automated decisions/profiling
7. File a complaint or request judicial review
We will also notify third parties if your data is being processed on our behalf
11. Complaints
If you believe your personal data has been mishandled, you may file a complaint with:
Supervisory Authority
Data Protection Commission
123th, Round Street Achimota Accra
P.O. Box CT 7195, Accra
📞 +233 +266590434
📧 Info@mfclmt.com
12. Changes to Privacy Policy
We may update this Privacy Policy occasionally to reflect changes in our operations, technology, or legal requirements. Any material changes will be communicated via our website or by email (if applicable).